val bcSocket = sslSocket as BCSSLSocket

      val sslParameters = bcSocket.parameters

      // Enable ALPN.
      sslParameters.applicationProtocols = Platform.alpnProtocolNames(protocols).toTypedArray()

      bcSocket.parameters = sslParameters
    }
  }

  companion object {
    val factory =
      object : DeferredSocketAdapter.Factory {

    val client = makeClient(ConnectionSpec.RESTRICTED_TLS, TlsVersion.TLS_1_2)

    val handshake = makeRequest(client)

    assertThat(handshake.cipherSuite).isIn(*expectedModernTls12CipherSuites.toTypedArray())

    // Probably something like
    // TLS_AES_128_GCM_SHA256
    // TLS_AES_256_GCM_SHA384
    // TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    // TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

  @SuppressSignatureCheck
  override fun clean(
    chain: List<Certificate>,
    hostname: String,
  ): List<Certificate> {
    val certificates = (chain as List<X509Certificate>).toTypedArray()
    try {
      return x509TrustManagerExtensions.checkServerTrusted(certificates, "RSA", hostname)
    } catch (ce: CertificateException) {
      throw SSLPeerUnverifiedException(ce.message).apply { initCause(ce) }

  ) {
    if (sslSocket is BCSSLSocket) {
      val sslParameters = sslSocket.parameters

      // Enable ALPN.
      val names = alpnProtocolNames(protocols)
      sslParameters.applicationProtocols = names.toTypedArray()

      sslSocket.parameters = sslParameters
    } else {
      super.configureTlsExtensions(sslSocket, hostname, protocols)
    }
  }

  override fun getSelectedProtocol(sslSocket: SSLSocket): String? =

 * as part of MODERN_TLS or folded into the default OkHttp client once published and
 * available in JDK11 or Conscrypt.
 */
private val TLS_13 =
  ConnectionSpec.Builder(true)
    .cipherSuites(*TLS13_CIPHER_SUITES.toTypedArray())
    .tlsVersions(TlsVersion.TLS_1_3)
    .build()

private val TLS_12 =
  ConnectionSpec.Builder(ConnectionSpec.RESTRICTED_TLS)
    .tlsVersions(TlsVersion.TLS_1_2)
    .build()

private fun testClient(

      while (true) {
        val line = source.readUtf8Line() ?: break
        if (line.isEmpty() || line.startsWith("#")) continue

        var i = 0
        val parts = line.split(Regex(" ")).toTypedArray()

        val element = WebPlatformUrlTestData()
        element.input = unescape(parts[i++])

        val base = if (i < parts.size) parts[i++] else null
        element.base =
          when {

      // Enable session tickets.
      Conscrypt.setUseSessionTickets(sslSocket, true)

      // Enable ALPN.
      val names = Platform.alpnProtocolNames(protocols)
      Conscrypt.setApplicationProtocols(sslSocket, names.toTypedArray())
    }
  }

  companion object {
    val factory =
      object : DeferredSocketAdapter.Factory {
        override fun matchesSocket(sslSocket: SSLSocket): Boolean {

    try {
      SSLSockets.setUseSessionTickets(sslSocket, true)

      val sslParameters = sslSocket.sslParameters

      // Enable ALPN.
      sslParameters.applicationProtocols = Platform.alpnProtocolNames(protocols).toTypedArray()

      sslSocket.sslParameters = sslParameters
    } catch (iae: IllegalArgumentException) {
      // probably java.lang.IllegalArgumentException: Invalid input to toASCII from IDN.toASCII

      for (suite in suites) {
        if (suite != TLS_FALLBACK_SCSV) {
          enabledCipherSuites.add(suite)
        }
      }
      delegate!!.enabledCipherSuites = enabledCipherSuites.toTypedArray<String>()
    }
  }

  companion object {
    /**
     * The cipher suite used during TLS connection fallback to indicate a fallback. See
     * https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00

      try {
        readStory(story00)
        result.add(path.name)
      } catch (ignored: IOException) {
        // Skip this path.
      }
    }
    return result.toTypedArray<String>()
  }

  /**
   * Reads stories named "story_xx.json" from the folder provided.
   */
  fun readStories(testFolderName: String): List<Story> {
    val result = mutableListOf<Story>()
    var i = 0